Quarterly GRIT Ransomware Report — Q3 2024
As we wrap up the third quarter of 2024, it’s time to dive into the key takeaways from GRIT’s latest analysis on ransomware and cyber threat trends from Q3. For a detailed breakdown of ransomware trends, threat actor profiles, and industry-specific impacts, check out the full Ransomware & Cyber Threat Insights Report here.
This quarter has seen a continued shift in the ransomware ecosystem, with the rise of what GRIT refers to as “ransomware’s new middle class.” Ransomware victims, which had previously been consolidated across the same two large players, now appear attributed to a broader array of active, developing groups. RansomHub, Play, and Akira remain among the most active threat actors, with RansomHub alone accounting for nearly 20% of this quarter’s publicly posted victims.
One of the most interesting insights from this quarter is the overall decrease in ransomware victim volume, which is down 22% from the same period last year. However, this decline likely represents more of a “correction” in the ransomware economy than an all-out indication of ransomware’s demise. Emerging and mid-sized groups are increasingly filling the void left by disrupted major ransomware operators, and as these nascent groups continue operations, scale is expected to remain steady or increase.
Manufacturing continues to be the most heavily targeted industry, followed closely by Healthcare, Technology, and Retail. GRIT also notes the continued presence of globally rising economies, Brazil and India, by the volume of observed attacks, highlighting ransomware’s expanding reach into foreign markets, even while the United States remains the home of over half of publicly observed victims.
This quarter’s report introduces a Field Report on Qilin, a financially motivated Ransomware-as-a-Service (RaaS) group that has gained traction since its consistent operations began in mid-2023. The report dives into Qilin’s tactics, techniques, tools, and procedures, offering detailed insights based on firsthand experience from GuidePoint’s Digital Forensics and Incident Response (DFIR) team. Despite being something of a dark horse relative to its peers, Qilin’s operational efficiency has allowed it to quickly scale, targeting various sectors with sophisticated tactics.
As we move into Q4, all eyes will be on whether ransomware operations ramp up again as they historically have during the holiday season or if this “middle-class” ecosystem will lead to more sustained but dispersed activity.
Download the full Ransomware & Cyber Threat Insights Report here to explore all of these insights in detail, and don’t forget to Register for our upcoming webinar, where our experts will discuss the report’s findings and what to expect in the coming quarters.